Hackers Using GO To Create Undetectable Malware Programs latest 2021

FreakyDodo
Jun 10, 2021

An open source programming language written by Google is becoming the favorite language for malware writers, according to a new report.

Analysis from cyber security company Intezer reports that the Go programming language is winning fans on the other side of the fence at an alarming rate.

The company says the amount of malware written in Go has been rising steadily, with an increase of almost 2000% in new malware strains written in the language spotted in the wild.

The report notes that Go was awarded “Programming Language of the Year” by TIOBE in 2016 due to its popularity, which might have brought it to the attention of malware writers.

As it breaks down some of the popular malware written in Go, the report notes that the language is used by both state-sponsored and non-state-sponsored threat actors.

“A big part of the current Linux malware written in Go are bots that either are used for DDoS or installing cryptominers,” observes Intezer as it analyzes the use of Go by threat actors in 2020.

Why Golang?

Infiltrating systems without being detected is the primary goal of most malware, and Golang seems to help attackers achieve it.

  • The cross-platform language enables a single codebase to be compiled for all major operating systems, such as Linux, Windows, and Mac.
  • Also, because malware written in Golang is large in size, threat actors can go undetected, as certain antivirus software cannot scan files that big.
  • The language also has a rich library ecosystem that makes the process of creating malware quite smooth.
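For defenders, the size point above suggests a triage step: list the Go-built executables on a host and mark the ones larger than the scanner's file-size cap, so they can be routed to manual or sandbox analysis. The following is an added example, not code from the Intezer report or from this post; `scanLimit` is an assumed value, and `Finding`, `Inspect` and `Triage` are hypothetical names.

```go
package main

import (
	"debug/buildinfo"
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
)

// Assumed scanner size cap (illustrative); use your AV/EDR's real limit.
const scanLimit int64 = 10 << 20

// Finding is one Go-compiled executable seen during triage.
type Finding struct {
	Path, GoVersion string
	Size            int64
	OverLimit       bool // larger than the scanner's cap
}

// Inspect reports whether path is a Go-built ELF, PE or Mach-O file, using
// the build-info blob the Go linker embeds (it survives symbol stripping).
func Inspect(path string, limit int64) (Finding, bool) {
	info, err := buildinfo.ReadFile(path)
	st, serr := os.Stat(path)
	if err != nil || serr != nil {
		return Finding{}, false // not an executable, or not built by Go
	}
	return Finding{path, info.GoVersion, st.Size(), st.Size() > limit}, true
}

// Triage walks root and returns every Go-built binary under it.
func Triage(root string, limit int64) (out []Finding) {
	filepath.WalkDir(root, func(p string, d fs.DirEntry, err error) error {
		if err == nil && d.Type().IsRegular() {
			if f, ok := Inspect(p, limit); ok {
				out = append(out, f)
			}
		}
		return nil // keep walking past unreadable entries
	})
	return out
}

func main() {
	for _, f := range Triage(".", scanLimit) {
		fmt.Printf("%s\t%s\t%d bytes\tover-cap=%v\n", f.Path, f.GoVersion, f.Size, f.OverLimit)
	}
}
```

A packed or encrypted sample can hide the build-info blob, so a miss from `Inspect` does not prove a file was not built with Go.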

How widespread is the use in recent times?

  • Linux malware authors used the Ezuri crypter written in Golang to evade antivirus detection as part of their infiltration process into Windows and Linux environments. For the attackers, Ezuri worked both as a crypter and loader for ELF binaries.
  • In early 2021, a new Golang-based RAT dubbed ElectroRAT was discovered targeting a variety of OS platforms with the aim of stealing cryptocurrencies. The malware was distributed via fake domains, fake social media accounts, and trojanized applications.
  • The last week of December 2020 witnessed a new worm written in Golang targeting Windows and Linux servers to run the XMRig miner, which mines the Monero cryptocurrency.
  • Similarly, in early December 2020, researchers uncovered a new Golang variant of the PlugX malware used by the TA416 threat actor group in an attack campaign against entities in the Vatican and Myanmar.

Apart from the malware above, there are Git repositories that can help you develop malware using various methods; most of their functions are compatible with both Linux and Windows.

Here’s the link to the Git repository for creating malware using Go: https://github.com/redcode-labs/Coldfire

Beyond this, there is a payload generator written in Go that can generate an undetectable payload. Hercules can create multiple payloads that can bypass antivirus software and even migrate the payload to a persistent location on the victim’s machine.

https://github.com/EgeBalci/HERCULES

Golang-based malware is growing by leaps and bounds with several enhanced capabilities added to its arsenal. In coming years, these types of malware variants are feared to fuel more cybercrimes as attackers continue to expand their malicious motives.

Keep Coming for more

Happy Hacking

Hey Hackers!! I am Harshit Dodia, aka Freaky Dodo. I am a student of Information Technology and Ethical hacking.